[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Nov 12 20:10:51 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
975f7f56 by security tracker role at 2019-11-12T20:10:38Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2019-18927
+	RESERVED
+CVE-2019-18926 (Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable t ...)
+	TODO: check
+CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its functionalities can be accessed a ...)
+	TODO: check
+CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By  ...)
+	TODO: check
+CVE-2019-18923
+	RESERVED
+CVE-2019-18922
+	RESERVED
+CVE-2019-18921
+	RESERVED
+CVE-2019-18920
+	RESERVED
+CVE-2019-18919
+	RESERVED
+CVE-2019-18918
+	RESERVED
+CVE-2019-18917
+	RESERVED
+CVE-2019-18916
+	RESERVED
+CVE-2019-18915
+	RESERVED
+CVE-2019-18914
+	RESERVED
+CVE-2019-18913
+	RESERVED
+CVE-2019-18912
+	RESERVED
+CVE-2019-18911
+	RESERVED
+CVE-2019-18910
+	RESERVED
+CVE-2019-18909
+	RESERVED
+CVE-2019-18908
+	RESERVED
+CVE-2019-18907
+	RESERVED
+CVE-2019-18906
+	RESERVED
+CVE-2019-18905
+	RESERVED
+CVE-2019-18904
+	RESERVED
+CVE-2019-18903
+	RESERVED
+CVE-2019-18902
+	RESERVED
+CVE-2019-18901
+	RESERVED
+CVE-2019-18900
+	RESERVED
+CVE-2019-18899
+	RESERVED
+CVE-2019-18898
+	RESERVED
+CVE-2019-18897
+	RESERVED
+CVE-2019-18896
+	RESERVED
+CVE-2019-18895
+	RESERVED
+CVE-2019-18894
+	RESERVED
+CVE-2019-18893
+	RESERVED
 CVE-2019-18892
 	RESERVED
 CVE-2019-18891
@@ -90,8 +160,8 @@ CVE-2019-18850
 CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...)
 	- tnef <unfixed>
 	NOTE: https://github.com/verdammelt/tnef/pull/40
-CVE-2019-18848
-	RESERVED
+CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count during  ...)
+	TODO: check
 CVE-2019-18847
 	RESERVED
 CVE-2019-18846
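Review bot: CVE-2019-18848 now has a published description for the json-jwt Ruby gem but is left at `TODO: check`. It needs triage against the archive: a `- <source package> <version>` line if the gem is packaged (the description gives 1.11.0 as the first unaffected version), or NOT-FOR-US if it is not.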
@@ -118,7 +188,7 @@ CVE-2019-18838
 	RESERVED
 CVE-2019-18837
 	RESERVED
-CVE-2019-18836 (Envoy before 1.12.1 allows a remote denial of service because of resou ...)
+CVE-2019-18836 (Envoy 1.12.0 allows a remote denial of service because of resource loo ...)
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...)
 	- matrix-synapse 1.5.0-1 (bug #944355)
@@ -158,8 +228,8 @@ CVE-2019-18819 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at
 	NOT-FOR-US: Eximious Logo Designer
 CVE-2019-18818 (strapi before 3.0.0-beta.17.5 mishandles password resets within packag ...)
 	NOT-FOR-US: strapi CMS
-CVE-2019-18817
-	RESERVED
+CVE-2019-18817 (Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_ ...)
+	TODO: check
 CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows pos ...)
 	NOT-FOR-US: PopojiCMS
 CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...)
@@ -2696,14 +2766,14 @@ CVE-2019-18660
 	RESERVED
 CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote attackers t ...)
 	NOT-FOR-US: Wireless Emergency Alerts (WEA) protocol
-CVE-2019-18658
-	RESERVED
+CVE-2019-18658 (In Helm 2.x before 2.15.2, commands that deal with loading a chart as  ...)
+	TODO: check
 CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via the url  ...)
 	NOT-FOR-US: ClickHouse
 CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBu ...)
 	NOT-FOR-US: Pimcore
-CVE-2019-18655
-	RESERVED
+CVE-2019-18655 (File Sharing Wizard version 1.5.0 build 2008 is affected by a Structur ...)
+	TODO: check
 CVE-2019-18654 (A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet S ...)
 	NOT-FOR-US: AVG
 CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, In ...)
@@ -6973,10 +7043,10 @@ CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string functi
 	NOTE: https://github.com/libtom/libtomcrypt/pull/508
 CVE-2019-17361
 	RESERVED
-CVE-2019-17360
-	RESERVED
-CVE-2018-21026
-	RESERVED
+CVE-2019-17360 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 a ...)
+	TODO: check
+CVE-2018-21026 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 a ...)
+	TODO: check
 CVE-2019-17359 (The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigge ...)
 	- bouncycastle <not-affected> (Vulnerable code introduced n 1.63)
 	NOTE: Introduced only in 1.63, fixed in 1.64.
@@ -7216,14 +7286,14 @@ CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in the
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-17238
 	RESERVED
-CVE-2019-17237
-	RESERVED
-CVE-2019-17236
-	RESERVED
-CVE-2019-17235
-	RESERVED
-CVE-2019-17234
-	RESERVED
+CVE-2019-17237 (includes/class-coming-soon-creator.php in the igniteup plugin through  ...)
+	TODO: check
+CVE-2019-17236 (includes/class-coming-soon-creator.php in the igniteup plugin through  ...)
+	TODO: check
+CVE-2019-17235 (includes/class-coming-soon-creator.php in the igniteup plugin through  ...)
+	TODO: check
+CVE-2019-17234 (includes/class-coming-soon-creator.php in the igniteup plugin through  ...)
+	TODO: check
 CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
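Review bot: CVE-2019-17237 through CVE-2019-17234 are left at `TODO: check`, although all four descriptions name the igniteup plugin and the adjacent entries CVE-2019-17238's neighbours, CVE-2019-17239 and CVE-2019-17233, are already `NOT-FOR-US: Wordpress plugin`. If igniteup is likewise a WordPress plugin that is not in the archive, mark the four the same way in one follow-up.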
@@ -11002,8 +11072,8 @@ CVE-2019-15817 (The easy-property-listings plugin before 3.4 for WordPress has X
 	NOT-FOR-US: easy-property-listings plugin for WordPress
 CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress has no pro ...)
 	NOT-FOR-US: wp-private-content-plus plugin for WordPress
-CVE-2019-15815
-	RESERVED
+CVE-2019-15815 (ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and ea ...)
+	TODO: check
 CVE-2019-15814 (Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow auth ...)
 	NOT-FOR-US: Sentrifugo
 CVE-2019-15813 (Multiple file upload restriction bypass vulnerabilities in Sentrifugo  ...)
@@ -17920,7 +17990,7 @@ CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when a project is opened or r
 	- ghidra <itp> (bug #923851)
 CVE-2019-13624 (In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/Y ...)
 	NOT-FOR-US: ONOS
-CVE-2019-13623 (In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.j ...)
+CVE-2019-13623 (In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java ...)
 	- ghidra <itp> (bug #923851)
 CVE-2019-13622
 	RESERVED
@@ -21433,10 +21503,10 @@ CVE-2019-12722
 	RESERVED
 CVE-2019-12721
 	RESERVED
-CVE-2019-12720
-	RESERVED
-CVE-2019-12719
-	RESERVED
+CVE-2019-12720 (AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc ...)
+	TODO: check
+CVE-2019-12719 (An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance ...)
+	TODO: check
 CVE-2019-12718 (A vulnerability in the web-based interface of Cisco Small Business Sma ...)
 	NOT-FOR-US: Cisco
 CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization manager ...)
@@ -25773,6 +25843,7 @@ CVE-2019-11136
 	RESERVED
 CVE-2019-11135 [TSX Asynchronous Abort]
 	RESERVED
+	{DSA-4565-1 DSA-4564-1}
 	- linux <unfixed>
 	- intel-microcode <unfixed>
 	- xen <unfixed>
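Review bot: on CVE-2019-11135 the `{DSA-4565-1 DSA-4564-1}` line is added while `- linux <unfixed>`, `- intel-microcode <unfixed>` and `- xen <unfixed>` stay untouched, and nothing in the entry shows which package each advisory covers. Follow up with fixed versions once the uploads reach unstable, and confirm whether xen is covered by either advisory or is still open.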
@@ -33188,30 +33259,35 @@ CVE-2019-8824
 	RESERVED
 CVE-2019-8823
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8822
 	RESERVED
+	{DSA-4515-1}
 	- webkit2gtk 2.24.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8821
 	RESERVED
+	{DSA-4515-1}
 	- webkit2gtk 2.24.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8820
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8819
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -33222,28 +33298,34 @@ CVE-2019-8817
 	RESERVED
 CVE-2019-8816
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8815
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.0-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8814
 	RESERVED
+	{DSA-4563-1}
 CVE-2019-8813
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8812
 	RESERVED
+	{DSA-4563-1}
 CVE-2019-8811
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
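Review bot: CVE-2019-8814 and CVE-2019-8812 get `{DSA-4563-1}` but, unlike the neighbouring entries in this hunk, have no `- webkit2gtk ...` package line and no NOTE under them, so the entry references an advisory without recording an affected package or a fixed version. Add the package line for whatever DSA-4563-1 fixed.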
@@ -33254,6 +33336,7 @@ CVE-2019-8809
 	RESERVED
 CVE-2019-8808
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.0-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -33308,12 +33391,14 @@ CVE-2019-8784
 	RESERVED
 CVE-2019-8783
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8782
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.0-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -33364,18 +33449,21 @@ CVE-2019-8767
 	RESERVED
 CVE-2019-8766
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.0-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8765
 	RESERVED
+	{DSA-4515-1}
 	- webkit2gtk 2.24.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8764
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.0-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -33427,6 +33515,7 @@ CVE-2019-8744
 	RESERVED
 CVE-2019-8743
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.0-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -33520,6 +33609,7 @@ CVE-2019-8711
 	RESERVED
 CVE-2019-8710
 	RESERVED
+	{DSA-4558-1}
 	- webkit2gtk 2.26.0-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -43678,8 +43768,8 @@ CVE-2019-4654
 	RESERVED
 CVE-2019-4653
 	RESERVED
-CVE-2019-4652
-	RESERVED
+CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file per ...)
+	TODO: check
 CVE-2019-4651
 	RESERVED
 CVE-2019-4650
@@ -54050,10 +54140,10 @@ CVE-2019-1459
 	RESERVED
 CVE-2019-1458
 	RESERVED
-CVE-2019-1457
-	RESERVED
-CVE-2019-1456
-	RESERVED
+CVE-2019-1457 (A security feature bypass vulnerability exists in Microsoft Office sof ...)
+	TODO: check
+CVE-2019-1456 (A remote code execution vulnerability exists in Microsoft Windows when ...)
+	TODO: check
 CVE-2019-1455
 	RESERVED
 CVE-2019-1454
@@ -54066,148 +54156,148 @@ CVE-2019-1451
 	RESERVED
 CVE-2019-1450
 	RESERVED
-CVE-2019-1449
-	RESERVED
-CVE-2019-1448
-	RESERVED
-CVE-2019-1447
-	RESERVED
-CVE-2019-1446
-	RESERVED
-CVE-2019-1445
-	RESERVED
+CVE-2019-1449 (A security feature bypass vulnerability exists in the way that Office  ...)
+	TODO: check
+CVE-2019-1448 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+	TODO: check
+CVE-2019-1447 (A spoofing vulnerability exists when Office Online does not validate o ...)
+	TODO: check
+CVE-2019-1446 (An information disclosure vulnerability exists when Microsoft Excel im ...)
+	TODO: check
+CVE-2019-1445 (A spoofing vulnerability exists when Office Online does not validate o ...)
+	TODO: check
 CVE-2019-1444
 	RESERVED
-CVE-2019-1443
-	RESERVED
-CVE-2019-1442
-	RESERVED
-CVE-2019-1441
-	RESERVED
-CVE-2019-1440
-	RESERVED
-CVE-2019-1439
-	RESERVED
-CVE-2019-1438
-	RESERVED
-CVE-2019-1437
-	RESERVED
-CVE-2019-1436
-	RESERVED
-CVE-2019-1435
-	RESERVED
-CVE-2019-1434
-	RESERVED
-CVE-2019-1433
-	RESERVED
-CVE-2019-1432
-	RESERVED
+CVE-2019-1443 (An information disclosure vulnerability exists in Microsoft SharePoint ...)
+	TODO: check
+CVE-2019-1442 (A security feature bypass vulnerability exists when Microsoft Office d ...)
+	TODO: check
+CVE-2019-1441 (A remote code execution vulnerability exists when the Windows font lib ...)
+	TODO: check
+CVE-2019-1440 (An information disclosure vulnerability exists when the win32k compone ...)
+	TODO: check
+CVE-2019-1439 (An information disclosure vulnerability exists when the Windows GDI co ...)
+	TODO: check
+CVE-2019-1438 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+	TODO: check
+CVE-2019-1437 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+	TODO: check
+CVE-2019-1436 (An information disclosure vulnerability exists when the win32k compone ...)
+	TODO: check
+CVE-2019-1435 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+	TODO: check
+CVE-2019-1434 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+	TODO: check
+CVE-2019-1433 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+	TODO: check
+CVE-2019-1432 (An information disclosure vulnerability exists when DirectWrite improp ...)
+	TODO: check
 CVE-2019-1431
 	RESERVED
-CVE-2019-1430
-	RESERVED
-CVE-2019-1429
-	RESERVED
-CVE-2019-1428
-	RESERVED
-CVE-2019-1427
-	RESERVED
-CVE-2019-1426
-	RESERVED
-CVE-2019-1425
-	RESERVED
-CVE-2019-1424
-	RESERVED
-CVE-2019-1423
-	RESERVED
-CVE-2019-1422
-	RESERVED
+CVE-2019-1430 (A remote code execution vulnerability exists when Windows Media Founda ...)
+	TODO: check
+CVE-2019-1429 (A remote code execution vulnerability exists in the way that the scrip ...)
+	TODO: check
+CVE-2019-1428 (A remote code execution vulnerability exists in the way that the scrip ...)
+	TODO: check
+CVE-2019-1427 (A remote code execution vulnerability exists in the way that the scrip ...)
+	TODO: check
+CVE-2019-1426 (A remote code execution vulnerability exists in the way that the scrip ...)
+	TODO: check
+CVE-2019-1425 (An elevation of privilege vulnerability exists when Visual Studio fail ...)
+	TODO: check
+CVE-2019-1424 (A security feature bypass vulnerability exists when Windows Netlogon i ...)
+	TODO: check
+CVE-2019-1423 (An elevation of privilege vulnerability exists in the way that the Sta ...)
+	TODO: check
+CVE-2019-1422 (An elevation of privilege vulnerability exists in the way that the iph ...)
+	TODO: check
 CVE-2019-1421
 	RESERVED
-CVE-2019-1420
-	RESERVED
-CVE-2019-1419
-	RESERVED
-CVE-2019-1418
-	RESERVED
-CVE-2019-1417
-	RESERVED
-CVE-2019-1416
-	RESERVED
-CVE-2019-1415
-	RESERVED
+CVE-2019-1420 (An elevation of privilege vulnerability exists in the way that the dss ...)
+	TODO: check
+CVE-2019-1419 (A remote code execution vulnerability exists in Microsoft Windows when ...)
+	TODO: check
+CVE-2019-1418 (An information vulnerability exists when Windows Modules Installer Ser ...)
+	TODO: check
+CVE-2019-1417 (An elevation of privilege vulnerability exists when the Windows Data S ...)
+	TODO: check
+CVE-2019-1416 (An elevation of privilege vulnerability exists due to a race condition ...)
+	TODO: check
+CVE-2019-1415 (An elevation of privilege vulnerability exists in Windows Installer be ...)
+	TODO: check
 CVE-2019-1414
 	RESERVED
-CVE-2019-1413
-	RESERVED
-CVE-2019-1412
-	RESERVED
-CVE-2019-1411
-	RESERVED
+CVE-2019-1413 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
+	TODO: check
+CVE-2019-1412 (An information disclosure vulnerability exists in Windows Adobe Type M ...)
+	TODO: check
+CVE-2019-1411 (An information disclosure vulnerability exists when DirectWrite improp ...)
+	TODO: check
 CVE-2019-1410
 	RESERVED
-CVE-2019-1409
-	RESERVED
-CVE-2019-1408
-	RESERVED
-CVE-2019-1407
-	RESERVED
-CVE-2019-1406
-	RESERVED
-CVE-2019-1405
-	RESERVED
+CVE-2019-1409 (An information disclosure vulnerability exists when the Windows Remote ...)
+	TODO: check
+CVE-2019-1408 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+	TODO: check
+CVE-2019-1407 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+	TODO: check
+CVE-2019-1406 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+	TODO: check
+CVE-2019-1405 (An elevation of privilege vulnerability exists when the Windows Univer ...)
+	TODO: check
 CVE-2019-1404
 	RESERVED
 CVE-2019-1403
 	RESERVED
-CVE-2019-1402
-	RESERVED
+CVE-2019-1402 (An information disclosure vulnerability exists in Microsoft Office sof ...)
+	TODO: check
 CVE-2019-1401
 	RESERVED
 CVE-2019-1400
 	RESERVED
-CVE-2019-1399
-	RESERVED
-CVE-2019-1398
-	RESERVED
-CVE-2019-1397
-	RESERVED
-CVE-2019-1396
-	RESERVED
-CVE-2019-1395
-	RESERVED
-CVE-2019-1394
-	RESERVED
-CVE-2019-1393
-	RESERVED
-CVE-2019-1392
-	RESERVED
-CVE-2019-1391
-	RESERVED
-CVE-2019-1390
-	RESERVED
-CVE-2019-1389
-	RESERVED
-CVE-2019-1388
-	RESERVED
+CVE-2019-1399 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
+	TODO: check
+CVE-2019-1398 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
+	TODO: check
+CVE-2019-1397 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
+	TODO: check
+CVE-2019-1396 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+	TODO: check
+CVE-2019-1395 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+	TODO: check
+CVE-2019-1394 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+	TODO: check
+CVE-2019-1393 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+	TODO: check
+CVE-2019-1392 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+	TODO: check
+CVE-2019-1391 (A denial of service vulnerability exists when Windows improperly handl ...)
+	TODO: check
+CVE-2019-1390 (A remote code execution vulnerability exists in the way that the VBScr ...)
+	TODO: check
+CVE-2019-1389 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
+	TODO: check
+CVE-2019-1388 (An elevation of privilege vulnerability exists in the Windows Certific ...)
+	TODO: check
 CVE-2019-1387
 	RESERVED
 CVE-2019-1386
 	RESERVED
-CVE-2019-1385
-	RESERVED
-CVE-2019-1384
-	RESERVED
-CVE-2019-1383
-	RESERVED
-CVE-2019-1382
-	RESERVED
-CVE-2019-1381
-	RESERVED
-CVE-2019-1380
-	RESERVED
-CVE-2019-1379
-	RESERVED
+CVE-2019-1385 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
+	TODO: check
+CVE-2019-1384 (A security feature bypass vulnerability exists where a NETLOGON messag ...)
+	TODO: check
+CVE-2019-1383 (An elevation of privilege vulnerability exists when the Windows Data S ...)
+	TODO: check
+CVE-2019-1382 (An elevation of privilege vulnerability exists when ActiveX Installer  ...)
+	TODO: check
+CVE-2019-1381 (An information disclosure vulnerability exists when the Windows Servic ...)
+	TODO: check
+CVE-2019-1380 (A local elevation of privilege vulnerability exists in how splwow64.ex ...)
+	TODO: check
+CVE-2019-1379 (An elevation of privilege vulnerability exists when the Windows Data S ...)
+	TODO: check
 CVE-2019-1378 (An elevation of privilege vulnerability exists in Windows 10 Update As ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1377
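Review bot: every newly described entry in this hunk (CVE-2019-1449 down to CVE-2019-1379) lands as `TODO: check`, yet the descriptions name Microsoft products (Office, Excel, Windows, Hyper-V, SharePoint) and the existing entry CVE-2019-1378 directly below is `NOT-FOR-US: Microsoft`. These can be closed in one batch with the same tag instead of being triaged one by one.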
@@ -54216,16 +54306,16 @@ CVE-2019-1376 (An information disclosure vulnerability exists in Microsoft SQL S
 	NOT-FOR-US: Microsoft
 CVE-2019-1375 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1374
-	RESERVED
-CVE-2019-1373
-	RESERVED
+CVE-2019-1374 (An information disclosure vulnerability exists in the way Windows Erro ...)
+	TODO: check
+CVE-2019-1373 (A remote code execution vulnerability exists in Microsoft Exchange thr ...)
+	TODO: check
 CVE-2019-1372 (An remote code execution vulnerability exists when Azure App Service/  ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1371 (A remote code execution vulnerability exists when Internet Explorer im ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1370
-	RESERVED
+CVE-2019-1370 (An information disclosure vulnerability exists when affected Open Encl ...)
+	TODO: check
 CVE-2019-1369 (An information disclosure vulnerability exists when affected Open Encl ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1368 (A security feature bypass exists when Windows Secure Boot improperly r ...)
@@ -54316,8 +54406,8 @@ CVE-2019-1326 (A denial of service vulnerability exists in Remote Desktop Protoc
 	NOT-FOR-US: Microsoft
 CVE-2019-1325 (An elevation of privilege vulnerability exists in the Windows redirect ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1324
-	RESERVED
+CVE-2019-1324 (An information disclosure vulnerability exists when the Windows TCP/IP ...)
+	TODO: check
 CVE-2019-1323 (An elevation of privilege vulnerability exists in the Microsoft Window ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1322 (An elevation of privilege vulnerability exists when Windows improperly ...)
@@ -54344,10 +54434,10 @@ CVE-2019-1312
 	RESERVED
 CVE-2019-1311 (A remote code execution vulnerability exists when the Windows Imaging  ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1310
-	RESERVED
-CVE-2019-1309
-	RESERVED
+CVE-2019-1310 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
+	TODO: check
+CVE-2019-1309 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
+	TODO: check
 CVE-2019-1308 (A remote code execution vulnerability exists in the way that the Chakr ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1307 (A remote code execution vulnerability exists in the way that the Chakr ...)
@@ -54496,8 +54586,8 @@ CVE-2019-1236 (A remote code execution vulnerability exists in the way that the
 	NOT-FOR-US: Microsoft
 CVE-2019-1235 (An elevation of privilege vulnerability exists in Windows Text Service ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1234
-	RESERVED
+CVE-2019-1234 (A spoofing vulnerability exists when Azure Stack fails to validate cer ...)
+	TODO: check
 CVE-2019-1233 (A denial of service vulnerability exists in Microsoft Exchange Server  ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1232 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
@@ -55536,12 +55626,12 @@ CVE-2019-0723 (A denial of service vulnerability exists when Microsoft Hyper-V N
 	NOT-FOR-US: Microsoft
 CVE-2019-0722 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-0721
-	RESERVED
+CVE-2019-0721 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...)
+	TODO: check
 CVE-2019-0720 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-0719
-	RESERVED
+CVE-2019-0719 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...)
+	TODO: check
 CVE-2019-0718 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-0717 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
@@ -55554,8 +55644,8 @@ CVE-2019-0714 (A denial of service vulnerability exists when Microsoft Hyper-V N
 	NOT-FOR-US: Microsoft
 CVE-2019-0713 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-0712
-	RESERVED
+CVE-2019-0712 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
+	TODO: check
 CVE-2019-0711 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-0710 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
@@ -57700,10 +57790,12 @@ CVE-2019-0156
 	RESERVED
 CVE-2019-0155
 	RESERVED
+	{DSA-4564-1}
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Driver doesn't support this hardware)
 CVE-2019-0154
 	RESERVED
+	{DSA-4564-1}
 	- linux <unfixed>
 CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 m ...)
 	NOT-FOR-US: Intel(R) CSME
@@ -58953,8 +59045,8 @@ CVE-2018-18820 (A buffer overflow was discovered in the URL-authentication backe
 	NOTE: Fixed by: https://gitlab.xiph.org/xiph/icecast-server/commit/b21a7283bd1598c5af0bbb250a041ba8198f98f2
 	NOTE: Additional issue fixed with https://gitlab.xiph.org/xiph/icecast-server/commit/03ea74c04a5966114c2fe66e4e6892d11a68181e
 	NOTE: https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820
-CVE-2018-18819
-	RESERVED
+CVE-2018-18819 (A vulnerability in the web conference chat component of MiCollab, vers ...)
+	TODO: check
 CVE-2018-18818
 	RESERVED
 CVE-2018-18817 (The Leostream Agent before Build 7.0.1.0 when used with Leostream Conn ...)
@@ -76460,6 +76552,7 @@ CVE-2018-12208 (Buffer overflow in HECI subsystem in Intel(R) CSME before versio
 	NOT-FOR-US: Intel
 CVE-2018-12207 [iTLB Multihit]
 	RESERVED
+	{DSA-4564-1}
 	- linux <unfixed>
 	[jessie] - linux <ignored> (Untrusted guests are no longer supportable)
 	- xen <unfixed>
@@ -226747,8 +226840,7 @@ CVE-2014-7144 (OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x
 	- python-keystonemiddleware 1.0.0-3 (bug #762748)
 	- python-keystoneclient 1:0.10.1-2 (bug #762749)
 	[wheezy] - python-keystoneclient <no-dsa> (Minor issue)
-CVE-2014-7143 [twisted: trustRoot not respected in HTTP client]
-	RESERVED
+CVE-2014-7143 (Python Twisted 14.0 trustRoot is not respected in HTTP client ...)
 	- twisted 14.0.2-1 (bug #761983)
 	[wheezy] - twisted <not-affected> (Only affects 14.0 series)
 	[squeeze] - twisted <not-affected> (Only affects 14.0 series)
@@ -234198,8 +234290,7 @@ CVE-2014-3600 (XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x be
 	- activemq 5.6.0+dfsg1-4 (low; bug #777196)
 	[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
-CVE-2014-3599
-	RESERVED
+CVE-2014-3599 (HornetQ REST is vulnerable to XML External Entity due to insecure conf ...)
 	NOT-FOR-US: HornetQ
 CVE-2014-3598 (The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote atta ...)
 	- pillow 2.5.3-1
@@ -240640,8 +240731,7 @@ CVE-2012-6620 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ta
 	- kronolith2 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
 	NOTE: fixed upstream in 3.0.17
-CVE-2011-5271 [configure creates temp files insecurely]
-	RESERVED
+CVE-2011-5271 (Pacemaker before 1.1.6 configure script creates temporary files insecu ...)
 	- pacemaker 1.1.6-1 (unimportant; bug #633964)
 	NOTE: https://github.com/ClusterLabs/pacemaker/commit/23ad834
 	NOTE: Only exploitable at build time
@@ -276923,8 +277013,7 @@ CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x bef
 	{DSA-2441-1}
 	- gnutls26 2.12.18-1 (high)
 	- gnutls28 3.0.17-2 (high)
-CVE-2012-1572
-	RESERVED
+CVE-2012-1572 (OpenStack Keystone: extremely long passwords can crash Keystone by exh ...)
 	- keystone 2012.1~rc2-1
 CVE-2012-1571 (file before 5.11 and libmagic allow remote attackers to cause a denial ...)
 	{DSA-2422-1}
@@ -277995,8 +278084,7 @@ CVE-2012-1111 (lightdm before 1.0.9 does not properly close file descriptors bef
 	- lightdm 1.0.9-1 (bug #658678)
 CVE-2012-1110 (Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and  ...)
 	NOT-FOR-US: etano not in Debian
-CVE-2012-1109
-	RESERVED
+CVE-2012-1109 (mwlib 0.13 through 0.13.4 has a denial of service vulnerability when p ...)
 	NOT-FOR-US: mwlib not in Debian
 CVE-2012-1108 (The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier al ...)
 	- taglib 1.7.1-1 (low; bug #662705)
@@ -285150,8 +285238,7 @@ CVE-2011-3619 (The apparmor_setprocattr function in security/apparmor/lsm.c in t
 	- linux-2.6 3.0.0-1
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
-CVE-2011-3618 [atop insecure tempfile handling]
-	RESERVED
+CVE-2011-3618 (atop: symlink attack possible due to insecure tempfile handling ...)
 	- atop 1.23-1.1 (low; bug #622794)
 	[lenny] - atop 1.23-1+lenny1 (bug #622794)
 	[squeeze] - atop 1.23-1+squeeze1 (bug #622794)
@@ -285933,8 +286020,7 @@ CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x bef
 	[squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
 CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in include/functio ...)
 	NOT-FOR-US: PunBB
-CVE-2011-3370
-	RESERVED
+CVE-2011-3370 (statusnet before 0.9.9 has XSS ...)
 	- statusnet <itp> (bug #491723)
 CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before 0. ...)
 	- etherape 0.9.12-1 (low; bug #645324)
@@ -287299,11 +287385,9 @@ CVE-2011-2938 (Multiple cross-site scripting (XSS) vulnerabilities in filter_api
 CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages functional ...)
 	- roundcube 0.5.4+dfsg-1 (low; bug #641996)
 	[squeeze] - roundcube <no-dsa> (Minor issue)
-CVE-2011-2936
-	RESERVED
+CVE-2011-2936 (Elgg through 1.7.10 has a SQL injection vulnerability ...)
 	- elgg <itp> (bug #526197)
-CVE-2011-2935
-	RESERVED
+CVE-2011-2935 (Elgg through 1.7.10 has XSS ...)
 	- elgg <itp> (bug #526197)
 CVE-2011-2934
 	RESERVED
@@ -287417,8 +287501,7 @@ CVE-2011-2898 (net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does n
 	{DSA-2389-1}
 	- linux-2.6 3.0.0-1
 	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.27)
-CVE-2011-2897
-	RESERVED
+CVE-2011-2897 (gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initiali ...)
 	- gdk-pixbuf <not-affected> (This only applies to the old standalone copy shipped until Lenny)
 CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the  ...)
 	{DSA-2426-1 DSA-2354-1}
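Review bot: the description added for CVE-2011-2897 says "gdk-pixbuf through 2.31.1", while the unchanged line below it keeps `- gdk-pixbuf <not-affected> (This only applies to the old standalone copy shipped until Lenny)`. Recheck that the not-affected reasoning still holds against the version range now published, and add a NOTE explaining the difference if it does.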
@@ -299461,8 +299544,7 @@ CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.
 CVE-2010-3360 (Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, ...)
 	- hipo <removed> (bug #598291)
 	[lenny] - hipo <no-dsa> (Minor issue)
-CVE-2010-3359 [gargoyle: insecure library loading]
-	RESERVED
+CVE-2010-3359 (If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, th ...)
 	- gargoyle-free 2009-08-25-2
 	NOTE: http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
 CVE-2010-3358 (HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/975f7f5678a0aba93b032e694e4a3e15ad7471bd
